Enterprise Insights

McAfee Survey Shows Disconnect between Security Perceptions, Reality

Results of a new survey show a “serious disconnect between security perceptions and reality among IT Enterprise security managers,” according to survey sponsor McAfee.

The 2011 Data Center Security Survey, conducted by Gabriel Consulting Group (GCG), asked 147 enterprise data center managers about security issues. Most respondents (60 percent) say that their organization’s management believes “security is stronger than it actually is,” and just under a quarter (22 percent) believe management knows about their company’s actual security preparedness.

“It’s astounding that almost two-thirds of our respondents say that their management is in the dark about their true security status,” said Dan Olds, principal analyst at Gabriel Consulting Group, in a prepared release from McAfee. “This is something that should cause a lot of thought both in the executive suite and in the data center. Management needs to seek out the truth when it comes to IT security, and data center management needs to be frank and honest when discussing the strengths and weaknesses of their security mechanisms. Obviously, it’s far better to discuss potential security issues before they’re exposed by a breach.”

Almost half of the survey participants said “virtualization and private clouds pose a unique security challenge.” Despite that, most use the same tools “to secure both physical and virtualized systems.” About 20 percent claimed their organization had been breached in the past 18 months; over 60 percent of those breaches were from outsiders. Eighty percent said they lost worker productivity as a result.

When it comes to remediation, the survey revealed a dramatic split among respondents. Remediation includes breach discovery, damage assessment, notification, and problem correction. Over 40 percent claimed that “their breach remediation was an ‘all hands on deck’ effort” that required at least half of their IT staff and other resources. For most others (48 percent), remediation required no more than 20 percent of their IT resources.

Likewise, there was a split in the time it took to get the job done. “Almost half reported that their efforts took one week [or less, but] just under 40 percent said that remediation took at least a month -- or longer.”

Among the other results from the GCG report:

  • Over four in ten respondents believe their organization’s “security pace isn’t keeping up with threats”
  • About 70 percent are skeptical about security in public clouds
  • Four in 10 (40 percent) say everyday security doesn’t conform to their official policies and standards

-- James E. Powell
Editorial Director, ESJ

Posted by Jim Powell on 10/05/2011 at 11:53 AM